[jdev] Seeking jabber implementers for SCRAM-SHA-1 testing
Simon Josefsson
simon at josefsson.org
Wed Nov 4 08:46:53 CST 2009
Dave Cridland <dave at cridland.net> writes:
> On Tue Nov 3 15:58:34 2009, Simon Josefsson wrote:
>> So hopefully it is Just A Small Matter of, err, reordering the
>> fields
>> and things will work. Hopefully.
>
> Nope - my implementation and the specification have obviously drifted
> considerably.
>
> I think I've now brought my implementation into line, though, and it
> still fails to work.
>
> The portion I'm finding hardest to test is my Hi() function. I have,
> for example:
>
> Hi( 'pencil', '$\x93<\xdeM\x0e\xa42\xdf:\x86\x19', 4096 ) =>
> \x1e\x0ba\xd9\xb6>\x8aiN8\x98\xc8c\xad\x85is\x03"='
>
> That's with a base64 encoded salt of JJM83k0OpDLfOoYZ
That seems wrong, check your PBKDF2 implementation. I have created a
small test tool (see below) to print pbkdf2 outputs, and with those
inputs I get the following output:
6c 30 ac 3f 42 98 52 b2 14 2e 1f d2 c6 be cb de 36 4a ff 8d
This is with an PBKDF2 implementation that is used in both GNU Shishi
for Kerberos V5 and GnuTLS for X.509 (and GNU SASL for SCRAM but that
proves nothing) so I feel fairly confident that it is correct. I could
have made an error in my test tool though.
However I cannot find any test vectors for PBKDF2 which seems bad, I'll
see if I can put together a document on that.
Here is how to use my tool:
jas at mocca:~$ git clone git://git.josefsson.org/git/pbkdf2.git
...
jas at mocca:~$ cd pbkdf2/
jas at mocca:~/pbkdf2 master$ autoreconf -i
...
jas at mocca:~/pbkdf2 master$ ./configure
...
jas at mocca:~/pbkdf2 master$ make
...
jas at mocca:~/pbkdf2 master$ ./pbkdf2
4b 00 79 01 b7 65 48 9a be ad 49 d9 26 f7 21 d0 65 a4 29 c1
4b 00 79 01 b7 65 48 9a be ad 49 d9 26 f7 21 d0 65 a4 29 c1
4b 00 79 01 b7 65 48 9a be ad 49 d9 26 f7 21 d0 65 a4 29 c1
jas at mocca:~/pbkdf2 master$
See pbkdf2.c for changing the password/salt values.
/Simon
More information about the JDev
mailing list